General
-
Target
674d1a8fc480f30a7b256da3fd8512844a12029aca9d83eafe6a780b1f9c365fN
-
Size
200KB
-
Sample
240920-rt4rns1dne
-
MD5
2cc46babc5e30f5c98ae61a21cfdff80
-
SHA1
73ae2a8735095357c7f78eeda5ee41b8651b77f7
-
SHA256
674d1a8fc480f30a7b256da3fd8512844a12029aca9d83eafe6a780b1f9c365f
-
SHA512
81f47aedc9b22a9b0b2849494ec8030a9169307850c0539a1f74a30c62dba56f232437eafebd8d4b2874d3fecd350f95f140d33d2ee29b735bf58dc88499c36c
-
SSDEEP
3072:BvEfVUzSLhIVbV6i5LirrlxrHyrUHUckoMQ2AN6B9O:BvEN2U+T6i5Lirrl9Hy4HUcMQn6K
Malware Config
Targets
-
-
Target
674d1a8fc480f30a7b256da3fd8512844a12029aca9d83eafe6a780b1f9c365fN
-
Size
200KB
-
MD5
2cc46babc5e30f5c98ae61a21cfdff80
-
SHA1
73ae2a8735095357c7f78eeda5ee41b8651b77f7
-
SHA256
674d1a8fc480f30a7b256da3fd8512844a12029aca9d83eafe6a780b1f9c365f
-
SHA512
81f47aedc9b22a9b0b2849494ec8030a9169307850c0539a1f74a30c62dba56f232437eafebd8d4b2874d3fecd350f95f140d33d2ee29b735bf58dc88499c36c
-
SSDEEP
3072:BvEfVUzSLhIVbV6i5LirrlxrHyrUHUckoMQ2AN6B9O:BvEN2U+T6i5Lirrl9Hy4HUcMQn6K
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4